Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Tenable Nessus Agent 7.2.0 - 8.2.2 Multiple Vulnerabilities (TNS-2021-04)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Tenable Nessus Agent is prone to multiple vulnerabilities.
Insight
Insight
The application was found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the provider. Nessus Agent version 8.2.3 will update OpenSSL to 1.1.1j.
Affected Software
Affected Software
Tenable Nessus Agent version 7.2.0 through 8.2.2.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 8.2.3 or later.